refactor: decode_cpe23 de-duplication

[terriko]

#4164 added a second cpe-decoding function which is basically the same as the one found in the sbom code. We should refactor things so we don't have duplicated code. Probably the best thing to do is move the decode_cpe23 function in with our other utils and import it from there in both the language parser and sbom code.

Pinging @inosmeet and @mastersans in case you need to coordinate so this doesn't break the two PRs that are still open (I'm still waiting on licensing approval for lib4vex before those merge, but they are otherwise ready). I think the changes needed should be pretty minimal so it won't be a big problem, though.

[mastersans]

Currently I'm using decode_bom_ref in my vex parser same as the one present in sbom_manager which I was thinking of Refactoring later so that can be included aswell , also I will require decode_cpe function for openvex parsing specifically, and decode_purl for csaf and openvex parsing. may be for some improvement in cyclonedx too, so anyone interested in working on this one feel free to do so, I will do it later if its open then.

cc @terriko @anthonyharrison @inosmeet